Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Port 12345 / NAT fingerprint

Published: 2004-02-04
Last Updated: 2004-02-04 23:04:32 UTC
by Pedro Bueno (Version: 1)
0 comment(s)
Port 12345

We noticed an increase in the targets and records of port 12345. While the source number is still stable, this traffic is considered suspicious.
The graph of this activity can be found here:

We are requesting some packet dumps of this activity. Tcpdump/Windump format is preferable.

NAT devices fingerprint

A request for data was posted today at the Intrusions List.
Johannes Ullrich, ISC's CTO is requesting help to
fingerprinting various NAT devices based on source ports.

If you have a NAT device, please hit this page:

It will tell you the source port, and allow you to fill in
the NAT device you use to have it emailed to ISC database.


Handler on duty: Pedro Bueno
0 comment(s)
Diary Archives